

## CLAIMS

What is claimed is:

1. A platform comprising:  
   a processor executing in one of a normal execution mode and an isolated execution mode;  
   a system memory including an isolated area, an isolated output area, and a non-isolated area; and  
   an output device.

2. The platform of claim 1 wherein the output device is a graphics card.

3. The platform of claim 2 further comprising:  
   a memory control hub (MCH) coupled between the system memory, and the processor and the graphics card, the memory control hub to permit the graphics card to access the isolated output area only when the graphics card is in isolated access mode.

4. The platform of claim 3 wherein the graphics card comprises:  
   a direct memory access (DMA) controller and wherein local storage of the data from the isolated output area is not permitted.

5. The platform of claim 3 wherein only the graphics card is permitted to read the isolated output area.

6. The platform of claim 1 further comprising:  
   an operating system (O/S) nub having a driver to write display data into the isolated output area when the processor is executing in isolated execution mode.

7. The platform of claim 3 further comprising:  
   a link between the graphics card and the MCH having an isolated transaction type.

8. The platform of claim 3 wherein the MCH only permits the O/S nub to write to the isolated output area.

9. The platform of claim 7 wherein the link is a secure accelerated graphics port bus.

10. The platform of claim 2 wherein the graphics card comprises:  
    an isolated bit plane; and  
    a non-isolated bit plane.

11. The platform of claim 10 wherein the graphics card denies all external access to the isolated bit plane.

12. A method comprising:  
    establishing an isolated execution environment having an isolated execution mode; and  
    preventing access to output data by any requester not operating in an isolated mode.

13. The method of claim 12 wherein establishing comprises:  
    segregating a system memory into an isolated output area and a non-isolated area.

14. The method of claim 13 further comprising:  
    issuing an isolated direct memory access (DMA) request for display data in the isolated output area from a graphics card; and  
    refreshing the display based on the display data.

15. The method of claim 13 wherein preventing comprises:  
    identifying if an isolated attribute is present in a request for access to the isolated output area; and  
    denying the request if no isolated attribute is present.

16. The method of claim 13 further comprising:  
    loading data from the isolated output area into a bit plane on a graphics card; and  
    denying all external access to the bit plane.

17. The method of claim 16 further comprising:  
    defining a first window for display of an image corresponding to the bit plane; and  
    occluding all windows but the first window.

18. The method of claim 13 further comprising:  
    retrieving data from the isolated output area;  
    displaying an image corresponding to the data; and  
    occluding the image prior to a platform transitioning out of isolated execution mode.

19. A platform comprising:  
    a processor executing in one of a normal execution mode and an isolated execution mode;  
    a direct memory access (DMA) controller to issue requests for access to an isolated output area;  
    a first interface coupled to the DMA controller to forward requests to a memory control hub (MCH); and  
    a second interface coupled to the DMA controller to supply output data to an output device.

20. The apparatus of claim 19 wherein the first interface is a secure accelerated graphics port (AGP) and the output device is a display.

21. The apparatus of claim 19 wherein the DMA controller attaches an isolated attribute to any isolated output area access request.

22. The apparatus of claim 19 wherein the second interface is an audio interface.
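
A simplified software model of the access rule that claims 3, 5, 8, 15 and 21 describe for the isolated output area, added here as an illustration and not part of the patent text. The requester names, address bounds and the fail-closed handling of malformed ranges are assumptions, and combining dependent claims 5 and 8 into one policy is a modeling choice.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names, encodings and addresses are hypothetical; the claims define none. */
typedef enum { REQ_OS_NUB, REQ_GRAPHICS_DMA, REQ_OTHER } requester_t;
typedef enum { OP_READ, OP_WRITE } op_t;
typedef enum { MCH_ALLOW, MCH_DENY, MCH_NOT_OUTPUT_AREA } decision_t;

typedef struct {
    requester_t who;
    op_t        op;
    uint64_t    addr;          /* first byte accessed */
    uint64_t    len;           /* number of bytes */
    bool        isolated_attr; /* isolated attribute on the request (claims 15, 21) */
} mem_req_t;

/* Constructed bounds of the isolated output area: [base, end). */
#define ISO_OUT_BASE 0x90000000ULL
#define ISO_OUT_END  0x91000000ULL

decision_t mch_check(const mem_req_t *r)
{
    /* Assumption: empty or address-wrapping ranges fail closed. */
    if (r->len == 0 || r->addr > UINT64_MAX - r->len)
        return MCH_DENY;
    /* A request touching even one byte of the area is subject to the rule. */
    if (r->addr >= ISO_OUT_END || r->addr + r->len <= ISO_OUT_BASE)
        return MCH_NOT_OUTPUT_AREA;      /* other areas are outside this model */
    if (!r->isolated_attr)
        return MCH_DENY;                 /* claim 15: no isolated attribute */
    if (r->op == OP_READ)                /* claims 3, 5: only the graphics card reads */
        return r->who == REQ_GRAPHICS_DMA ? MCH_ALLOW : MCH_DENY;
    return r->who == REQ_OS_NUB ? MCH_ALLOW : MCH_DENY;   /* claim 8: only the nub writes */
}

int main(void)
{
    /* Constructed requests: a display refresh, and a read straddling the base. */
    mem_req_t refresh  = { REQ_GRAPHICS_DMA, OP_READ, ISO_OUT_BASE, 4096, true };
    mem_req_t straddle = { REQ_OTHER, OP_READ, ISO_OUT_BASE - 16, 32, false };
    printf("refresh=%d straddle=%d\n", mch_check(&refresh), mch_check(&straddle));
    return 0;
}
```

The straddling request shows why the range check tests for overlap rather than only the start address: a transfer that begins in non-isolated memory and runs into the isolated output area is denied.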